package com.cjlgb.design.oauth.cfgbean;

import lombok.RequiredArgsConstructor;
import lombok.SneakyThrows;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @author WFT
 * @date 2019/5/19
 * description: 认证相关配置
 */
@Configuration
@RequiredArgsConstructor
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web){
        web.ignoring().antMatchers("/oauth/check_token");
    }

    @Override
    @SneakyThrows
    protected void configure(HttpSecurity http) {
        //  使用表单方式登陆
        http.formLogin();
        //  认证管理
        http.authorizeRequests()
                //  不需要认证的请求
                .antMatchers("/login","/oauth/token","/oauth/token_key","/oauth/check_token").permitAll()
                //  其他路径都需要进行认证
                .anyRequest().authenticated();
        //  禁用防止跨站请求伪造
        http.csrf().disable();
    }

    /**
     * 创建认证管理器
     * @return AuthenticationManager
     */
    @Bean
    @SneakyThrows
    public AuthenticationManager createAuthenticationManager(){
        return super.authenticationManagerBean();
    }
}
